1. Field of the Invention
The present invention relates to a safety judgment method, a safety judgment system, a safety judgment apparatus and a first authentication apparatus, for judging the safety of an information processing apparatus among the information processing apparatus, the first authentication apparatus and a second authentication apparatus which are connected through a communication network, and a computer program product for causing a computer to function as a safety judgment apparatus, and more particularly relates to a safety judgment apparatus which is incorporated into an information processing apparatus, such as a mobile phone, home electronics and personal computer, to judge the safety of the information processing apparatus.
2. Description of Related Art
With the introduction of IPv6 (Internet Protocol Version 6), not only personal computers, server computers and mobile phones, but also home electronics, such as refrigerators, microwave ovens, air conditioners, TVs and DVD apparatuses, copying machines and further robots are connected as information processing apparatuses to communication networks such as the Internet, and transmit and receive information. With such an increase in the number of information processing apparatuses connected to the communication networks, security is lowered.
In particular, since the security of home electronics is low, there is a case where programs which obstruct normal operations of home electronics are sent from external devices, and there is a fear that home electronics is used as a stepping-stone for DDoS (Distributed Denial of Service). Hence, in order to increase the security of such information processing apparatuses, attempts were made to provide information processing apparatuses with a biometric authentication function using a fingerprint, etc. (see, for example, Japanese Patent Application Laid-Open No. 3-58174/1991).
However, there was a problem that it was difficult to ensure high security only by biometric authentication because fingerprint information for authentication may leak. In particular, when performing an electronic transaction by using such an information processing apparatus, it is desirable to perform the transaction after ensuring security by confirming whether the information processing apparatus is used by a proper owner, whether the transaction is performed using the owner's own information processing apparatus, whether devices or software, such as OS (Operating System), browser and plug-in software, which may harm security are not connected to or installed in the information processing apparatus, and so on.
Moreover, when providing such an information processing apparatus with patch software or firmware, it is necessary to ensure sufficient security between an apparatus that transmits the information and the information processing apparatus because there is a risk that the software being transmitted may be falsified by a third person. On the other hand, when the level of security is increased too high, it is hard to perform smooth transmission and reception of information.